CN113688380B - Password protection method, device and medium - Google Patents
Password protection method, device and medium Download PDFInfo
- Publication number
- CN113688380B CN113688380B CN202111244197.XA CN202111244197A CN113688380B CN 113688380 B CN113688380 B CN 113688380B CN 202111244197 A CN202111244197 A CN 202111244197A CN 113688380 B CN113688380 B CN 113688380B
- Authority
- CN
- China
- Prior art keywords
- password
- invalidation
- authentication
- state
- enabling
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 60
- 238000004590 computer program Methods 0.000 claims description 13
- 230000009849 deactivation Effects 0.000 description 16
- 238000012545 processing Methods 0.000 description 8
- 230000007246 mechanism Effects 0.000 description 6
- 230000008569 process Effects 0.000 description 6
- 238000010586 diagram Methods 0.000 description 5
- 230000009471 action Effects 0.000 description 3
- 238000004891 communication Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000002159 abnormal effect Effects 0.000 description 1
- 238000013473 artificial intelligence Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 238000010801 machine learning Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000005055 memory storage Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000000750 progressive effect Effects 0.000 description 1
- 238000009877 rendering Methods 0.000 description 1
- 238000012419 revalidation Methods 0.000 description 1
- 230000001052 transient effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
- G06F21/46—Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Storage Device Security (AREA)
Abstract
The application discloses a password protection method, which aims at solving the problem that a plurality of passwords can be invalid after one password is broken when a plurality of passwords are used at present, and comprises the following steps: after the password passes the authentication, determining the designated bit of the password invalidation enabling identification stored in the storage medium according to the password passing the authentication at present, wherein the designated bit has only one bit because only one password passes the authentication; setting the designated bit to be in an allowed state, and setting other bits to be in a non-allowed state, wherein the password invalidation enabling identification is in one-to-one correspondence with each password according to the bit, and only when the password invalidation enabling identification corresponding to the current password is in the allowed state, the password is allowed to be invalidated; judging whether a failure password request is received or not; and when a password invalidation request is received, carrying out invalidation operation on the password corresponding to the designated bit. Therefore, only one password can be invalidated in one login, and the problem that all passwords can be invalidated after one password is cracked is solved.
Description
Technical Field
The present application relates to the field of integrated circuit design and application, and in particular, to a method, an apparatus, and a medium for password protection.
Background
In actual production life, in order to ensure security, a use password is usually set on a chip of a part of electronic equipment with needs, the equipment can be started or operated only after password authentication is passed, and meanwhile, in order to prevent the problem that the equipment is not safe any more after a single password is cracked and is easy to be cracked, a mode of adding multiple passwords or a root password is usually used at present.
In recent years, the problem of single password is usually solved by adding multiple passwords or root passwords, but when multiple passwords are used, the condition that multiple passwords are invalidated at one time is not considered by a multiple-password invalidation mechanism, and once one password is broken, all passwords can be invalidated, so that the chip and the system are invalidated.
Therefore, those skilled in the art need a password protection method to solve the problem that when multiple passwords are used, all passwords can be disabled after one password is cracked.
Disclosure of Invention
The application aims to provide a password protection method, a password protection device and a password protection medium, and solves the problem that when multiple passwords are used, all the passwords can be disabled after one password is cracked.
In order to solve the above technical problem, the present application provides a password protection method, applied to a password protection device including a storage medium, including: after the password passes the authentication, determining the assigned position of the password invalidation enabling identifier according to the password passing the authentication at present, wherein the password invalidation enabling identifier is stored in a storage medium and used for representing whether to allow the password to be invalidated; setting the appointed bit of the password invalidation enabling identification to be in an allowable state, and setting other bits of the password invalidation enabling identification to be in a non-allowable state, wherein the password invalidation enabling identification corresponds to each password in a one-to-one correspondence mode according to bits, and only when the password invalidation enabling identification corresponding to the current password is in the allowable state, the password invalidation operation is allowed; judging whether a failure password request is received or not; and when a password invalidation request is received, carrying out invalidation operation on the password corresponding to the designated bit.
Preferably, the available password which can pass the password authentication is unique in one-time password authentication, and the available password is determined by the password state identifier, and the states of different bits of the password state identifier respectively represent whether different passwords are invalid or not.
Preferably, the cryptographic state identification is stored in a one-time programmable read-only memory.
Preferably, the method further comprises the following steps: and when all the passwords are invalid, entering a locking state and prohibiting external input from operating.
Preferably, the method further comprises the following steps: and when the lock state is entered, playing the prompt message.
Preferably, the method further comprises the following steps: and after the password is reconfigured and the one-time programmable read-only memory storing the corresponding password state identifier is replaced, the locking state is released.
In order to solve the above problem, the present application further provides a password protection device, including: a storage medium and a controller; the storage medium is connected with the controller, and the controller is used for determining the designated bit of the password failure enabling identifier according to the password passing the authentication at present after the password passes the authentication; setting the appointed bit of the password invalidation enabling identification to be in an allowable state, and setting other bits of the password invalidation enabling identification to be in a non-allowable state, wherein the password invalidation enabling identification corresponds to each password in a one-to-one correspondence mode according to bits, and only when the password invalidation enabling identification corresponding to the current password is in the allowable state, the password invalidation operation is allowed; judging whether a failure password request is received or not; and when a failure password request is received, performing failure operation according to the password corresponding to the designated bit.
In order to solve the above problem, the present application further provides a password protection device, including: the determining module is used for determining the designated bit of the password failure enabling identifier according to the password passing the authentication at present after the password authentication passes; the setting module is used for setting the designated bit of the password invalidation enabling identification to be in an allowable state, and other bits are in a non-allowable state, wherein the password invalidation enabling identification corresponds to each password one by one according to the bit, and the password invalidation operation is allowed to be carried out only when the password invalidation enabling identification corresponding to the current password is in the allowable state; the judging module is used for judging whether a failure password request is received or not; and the failure module is used for performing failure operation according to the password corresponding to the designated bit when receiving the failure password request.
Preferably, the method further comprises the following steps: and the locking module is used for entering a locking state and forbidding external input to operate when all passwords fail.
Preferably, the method further comprises the following steps: and the prompt module is used for playing prompt information when entering a locking state.
Preferably, the method further comprises the following steps: and the unlocking module is used for unlocking the locking state after the password is reconfigured and the one-time programmable read only memory storing the corresponding password state identifier is replaced.
In order to solve the above problem, the present application further provides a password protection device, including: a memory for storing a computer program; a processor for implementing the steps of the password protection method as described above when executing the computer program.
To solve the above problem, the present application further provides a computer-readable storage medium, on which a computer program is stored, and the computer program, when executed by a processor, implements the steps of the password protection method as described above.
The password protection method provided by the application sets each password invalidation enabling identifier corresponding to different passwords one by one after password authentication is passed, the bit corresponding to the password passing authentication on the password invalidation enabling identifier is set to be in an allowable state, other bits are in an unallowable state, and only when one bit on the password invalidation enabling identifier is in the allowable state, invalidation operation can be carried out on the password corresponding to the bit, so that only one password can be invalidated during one login, only the current password can be invalidated, and the problem that all passwords can be invalidated after one password is cracked is solved.
The password protection device and the computer readable storage medium provided by the application correspond to the method, and the effect is the same as that of the method.
Drawings
In order to more clearly illustrate the embodiments of the present application, the drawings needed for the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings can be obtained by those skilled in the art without inventive effort.
FIG. 1 is a flow chart of a password protection method provided by the present invention;
FIG. 2 is a flow chart of another password protection method provided by the present invention;
FIG. 3 is a block diagram of a password protection device according to the present invention;
FIG. 4 is a block diagram of another password protection device provided in the present invention;
fig. 5 is a structural diagram of another password protection device provided by the present invention.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all the embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present application without any creative effort belong to the protection scope of the present application.
The core of the application is to provide a password protection method, a password protection device and a password protection medium.
In order that those skilled in the art will better understand the disclosure, the following detailed description will be given with reference to the accompanying drawings.
In practical engineering application, in order to ensure security, a password is set on an important or controlling device, and only when a user inputs the password correctly, the user can obtain corresponding authority to operate the device. To solve the problem of password singleness, a multi-password or root password is generally used at present. In the use of multiple passwords, when an operator considers that a certain password is no longer safe, the password can be invalidated, and the invalidated password is no longer passed in next password authentication, but the current multiple password invalidation mechanism does not consider the condition that multiple passwords are invalidated at one time, and after a lawbreaker cracks one password, all the passwords can be invalidated, so that equipment is no longer safe or cannot be used. Therefore, as shown in fig. 1, the present application provides a password protection method, including:
s101: and after the password passes the authentication, determining the designated position of the password invalidation enabling identifier according to the password passing the authentication currently, wherein the password invalidation enabling identifier is stored in the storage medium 21 and is used for representing whether to allow the password to be invalidated.
S102: setting the appointed bit of the password invalidation enabling identification to be in an allowable state, and setting other bits to be in a non-allowable state, wherein the password invalidation enabling identification corresponds to each password in a one-to-one correspondence mode according to bits, and only when the password invalidation enabling identification corresponding to the current password is in the allowable state, the password invalidation operation is allowed.
S103: and judging whether a password invalidation request is received.
S104: and when a password invalidation request is received, carrying out invalidation operation on the password corresponding to the designated bit.
It will be readily appreciated that the reference to a password in this application is a means of encryption to a device, and is equivalent in effect to a public and private key based encryption algorithm, including but not limited to the RSA algorithm.
The RSA algorithm: the RSA public key cryptosystem is a cryptosystem that uses different encryption and decryption keys, and it is computationally infeasible to derive a decryption key from a known encryption key. RSA is also the most widely studied public key algorithm, has experienced various attacks in recent thirty years since the introduction, is gradually accepted by people, and is generally considered to be one of the most excellent public key schemes at present.
In this embodiment, a device stores a plurality of passwords in advance, the passwords correspond to different bits of the password deactivation enabling identifier one to one, and only when the corresponding bit of the password deactivation enabling identifier is in an allowable state, the password deactivation operation can be performed on the password. And after passing the authentication each time, a certain password is not necessary to be invalidated, if the password is still safe, the password invalidation operation is not needed by the operator, and after the password authentication next time, the operator determines whether the password invalidation operation is needed or not.
Meanwhile, the number of passwords that can be authenticated during one-time password authentication is not limited in this embodiment, and may be one or multiple; the password which can not pass the authentication can be a failed password or a password which is not failed but cannot be authenticated at this time, and the judgment logic of the specific password authentication can be freely determined according to the actual needs.
In the password protection method provided by this embodiment, after the password authentication passes, the password deactivation enabling identifier is set, only the designated bit corresponding to the password passing the password authentication at this time is set to be in the permitted state, and other bits are in the non-permitted state, that is, if an operator performs a password deactivation operation at this time, only one password can be deactivated, thereby further ensuring the security of the device. Meanwhile, the invalid password is authenticated by the current password, when a lawbreaker attacks and decrypts a certain password, all passwords cannot be invalid so that the equipment cannot work normally, the current password can only be invalid, and the current password is not safe any more because the current password is already decrypted by the lawbreaker, so that the safety of the equipment is not influenced even if the current password is invalid.
As can be seen from the above, when the above embodiment does not limit the password authentication, there is one available password that can be authenticated, so when there are multiple available passwords, a lawless person may attack the device through authentication by breaking only one available password, and therefore, the present embodiment provides a preferred scheme on the basis of the above embodiment: the available password which can pass the password authentication is unique in one-time password authentication, the available password is determined by the password state identification, and the states of different bits of the password state identification respectively represent whether different passwords are invalid or not.
It is easy to understand that different bits of the password status flag correspond to each password one-to-one, and also correspond to the password failure enable flag one-to-one, and the status of a certain bit of the password status flag indicates whether the password corresponding to the certain bit of the password status flag is failed, for example, in a preferred scheme, the password status flag is a string of binary numbers, when the second bit is 1, the second password is failed, when the third bit is 0, the third password is valid, and so on. In addition, in this embodiment, no limitation is made on the storage location of the password state identifier, the password state identifier may be stored in the memory of the device, or may be stored in an external storage medium, and when the password state identifier is stored in the memory of the device, the memory may be the storage medium 21 storing the password invalidation enabling identifier as described in the above embodiment, or may be another memory.
Also, a preferred solution for the password deactivation enabled identifier is: the password invalidation enabling identifier is a string of binary numbers, when the second bit is 1, the second bit of the password state identifier is allowed to be modified, namely, the second password is invalidated, and the like. However, the embodiment does not limit the specific implementation form of the password status flag and the password disable flag to the above one, and may be determined according to actual needs.
In addition, since there are a plurality of unverified passwords during one-time password authentication, and the password protection method provided in this embodiment has only one available password in one-time password authentication, this embodiment provides a preferred scheme regarding how to determine the available password: the passwords are arranged in sequence, and the passwords which are not invalid are arranged in sequence, so that a certain password is determined to be an available password for the password authentication, for example: the preset passwords are 8, the 8 passwords are arranged in sequence, the password which is invalidated last time is the 3 rd password, before next password invalidation operation is carried out, the available password is the next password which is invalidated last time, namely the 4 th password, and the like. Another scheme is as follows: when the password invalidation operation is performed each time, the available password for next password authentication is designated as one of the valid passwords, and when the password invalidation operation is not performed, the available password is a preset password when all passwords are configured.
The advantages of this embodiment over the above embodiments are: when a valid password is leaked, if the password is not the current valid password, the password authentication cannot be passed by the password, so that the possibility that the equipment is attacked and cracked is reduced, and the safety of the password protection method is further improved.
It can be seen from the above description that, in the password protection method provided in the foregoing embodiment, a certain password is invalidated by modifying the corresponding bit of the password state identifier, so that modifying a certain bit of the password state identifier from valid to invalid is a password invalidation operation, but if a certain bit of the password state identifier is modified from invalid to valid, the password invalidation operation is a revalidation operation of the invalidated password. The above embodiment does not limit the process of modifying the password status identification to only the valid status to the invalid status, but the above embodiment does not describe the process of the password status to the valid status because the password is not safe once leaked and does not need to be valid again. Meanwhile, if the invalid password is allowed to be set to be valid again, the invalid password can be utilized by a lawless person to threaten the safety of the equipment, so the embodiment provides a preferred scheme: the password status flag is stored in a One Time programmable Read-Only Memory (OTP ROM).
OTP ROM: the one-time programmable ROM can be programmed once, data cannot be erased or rewritten after programming, and data cannot be lost after power failure. For example, in a preferred embodiment where the password status flag indicates whether the password is disabled or not as mentioned in the above embodiment, the data is 0 when the OTP ROM is not programmed, and the data becomes 1 after programming.
When the password state identifier is stored in the OTP ROM, the password state identifier of the corresponding bit is programmed only when password failure operation is carried out, so that the corresponding password is failed, the password is permanently failed and cannot be restored again unless a new OTP ROM is replaced and a new password is configured, the problem that equipment can pass the password authentication next time due to the fact that a lawbreaker restores the failed password which is not safe any more is avoided, and the safety of the equipment is further enhanced.
Since the number of passwords preset in the device in advance is limited, after the password invalidation operation is performed for multiple times, all passwords may be invalidated, and at this time, the password protection mechanism of the device is invalidated, so that, in view of this, as shown in fig. 2, the present embodiment provides a password protection method including:
s105: and when all the passwords are invalid, entering a locking state and prohibiting external input from operating.
When all passwords fail, a chip or other control devices in the equipment enter a locking state, any operation request from external input is not accepted any more, data stealing or other operation causing damage due to failure of a password protection mechanism is avoided to the greatest extent, and the safety and reliability of the equipment are further enhanced.
Meanwhile, when the device enters the locked state, in order to enable the operator to know and perform corresponding processing in time, the embodiment further provides a preferred scheme as follows:
s106: and when the lock state is entered, playing the prompt message.
The prompt information mentioned in this embodiment may be a sound information or a light signal, and a specific implementation manner may select a suitable manner according to an actual requirement, for example, for a noisy factory environment, it is preferable to provide the prompt information in the form of a light signal by using schemes such as an indicator light.
When the equipment enters the locking state, the equipment is in an abnormal state that the password protection mechanism is invalid, and the prompt information is played, so that an operator can know and perform corresponding operation in time.
In addition, since the device itself that enters the locked state due to all the passwords being invalid is not damaged and can still work after the lock is released, the embodiment further provides a preferable scheme that:
s107: and after the password is reconfigured and the one-time programmable read-only memory storing the corresponding password state identifier is replaced, the locking state is released.
As can be seen from the above, although the device is prohibited from being operated by external input after entering the locked state, operations on hardware are still possible, such as replacing a register, and the like, and a preferred solution is provided in the above embodiment, in which the password state identifier is stored in the OTP ROM, so that the password is restored after the OTP ROM is replaced, but since the previous password is no longer secure, the password needs to be replaced, and after the password is replaced, the password protection mechanism of the device is restored to normal, the device can continue to be used normally, so that the device is unlocked without replacing the device, and the cost is saved.
The equipment is combined to enter a locking state after all passwords fail, prompt information is played to an operator, the OTP ROM with the password state identification is replaced after the operator checks out the problem, the equipment releases the locking state after the passwords are reconfigured, and thus a set of complete emergency protection measures for dealing with password failure are formed, and the safety of the equipment is further ensured.
In the above embodiments, the password protection method is described in detail, and the present application also provides embodiments corresponding to the password protection device. It should be noted that the present application describes the embodiments of the apparatus portion from two perspectives, one from the perspective of the function module and the other from the perspective of the hardware.
Fig. 3 is a structural diagram of a password protection device provided in the present application, and as shown in fig. 3, the password protection device includes: a storage medium 21 and a controller 22; the storage medium 21 is connected with the controller 22 and is used for storing a password invalidation enabling identifier, and the password invalidation enabling identifier indicates whether to allow the password to be invalidated; the controller 22 is configured to determine, according to the password passing the authentication currently, a designated bit of the password invalidation enabling identifier after the password authentication passes; setting the appointed bit of the password invalidation enabling identification to be in an allowable state, and setting other bits of the password invalidation enabling identification to be in a non-allowable state, wherein the password invalidation enabling identification corresponds to each password in a one-to-one correspondence mode according to bits, and only when the password invalidation enabling identification corresponding to the current password is in the allowable state, the password invalidation operation is allowed; judging whether a failure password request is received or not; and when a password invalidation request is received, carrying out invalidation operation on the password corresponding to the designated bit.
Fig. 4 is a structural diagram of another password protection device provided in the present application, and as shown in fig. 4, the password protection device includes:
the determining module 31 is configured to determine, according to the password passing the authentication currently, a specified location of a password deactivation enabling identifier after the password authentication passes, where the password deactivation enabling identifier is stored in the storage medium 21 and used to represent whether to allow a password deactivation operation;
the setting module 32 is configured to set a designated bit of the password deactivation enabling identifier to be in an allowed state, and set other bits of the password deactivation enabling identifier to be in a non-allowed state, where the password deactivation enabling identifier corresponds to each password in a bit-to-bit manner, and only when the password deactivation enabling identifier corresponding to the current password is in the allowed state, the password is allowed to be deactivated;
a judging module 33, configured to judge whether a password deactivation request is received;
and the invalidation module 34 is configured to perform invalidation operation according to the password corresponding to the designated bit when receiving the invalidation password request.
As a preferred embodiment, the password protection apparatus further includes:
and the locking module is used for entering a locking state and forbidding external input to operate when all passwords fail.
As a preferred embodiment, the password protection apparatus further includes:
and the prompt module is used for playing prompt information when entering a locking state.
As a preferred embodiment, the password protection apparatus further includes:
and the unlocking module is used for unlocking the locking state after the password is reconfigured and the one-time programmable read only memory storing the corresponding password state identifier is replaced.
Since the embodiments of the apparatus portion and the method portion correspond to each other, please refer to the description of the embodiments of the method portion for the embodiments of the apparatus portion, which is not repeated here.
The password protection device provided by the embodiment can enter the locking state after all passwords fail, prompt information is played to an operator, the OTP ROM with the password state identification is replaced after the operator checks the problem, the locking state of the equipment is released after the password is reconfigured, and thus a set of complete emergency protection process for dealing with password failure is formed, and the safety of the equipment is further ensured.
As shown in fig. 5, the present application also provides a password protection device, including: a memory 40 for storing a computer program; a processor 41, configured to implement the steps of the password protection method according to the above-mentioned embodiment when executing the computer program.
The password protection device provided by the embodiment may include, but is not limited to, a smart phone, a tablet computer, a notebook computer, or a desktop computer.
Processor 41 may include one or more processing cores, such as a 4-core processor, an 8-core processor, and so forth. The processor 41 may be implemented in at least one hardware form of Digital Signal Processing (DSP), Field-Programmable Gate Array (FPGA), and Programmable Logic Array (PLA). The processor 41 may also include a main processor and a coprocessor, where the main processor is a processor for Processing data in an awake state, and is also called a Central Processing Unit (CPU); a coprocessor is a low power processor for processing data in a standby state. In some embodiments, the processor 41 may be integrated with a Graphics Processing Unit (GPU) which is responsible for rendering and drawing the content required to be displayed on the display screen. In some embodiments, processor 41 may also include an Artificial Intelligence (AI) processor for processing computational operations related to machine learning.
Memory 40 may include one or more computer-readable storage media, which may be non-transitory. Memory 40 may also include high speed random access memory, as well as non-volatile memory, such as one or more magnetic disk storage devices, flash memory storage devices. In this embodiment, the memory 40 is at least used for storing a computer program 401, wherein after being loaded and executed by the processor 41, the computer program can implement the relevant steps of the password protection method disclosed in any of the foregoing embodiments. In addition, the resources stored in the memory 40 may also include an operating system 402, data 403, and the like, and the storage manner may be a transient storage or a permanent storage. Operating system 402 may include, among other things, Windows, Unix, Linux, and the like. Data 403 may include, but is not limited to, password protection methods, and the like.
In some embodiments, the password protection device may further include a display 42, an input/output interface 43, a communication interface 44, a power source 45, and a communication bus 46.
Those skilled in the art will appreciate that the configuration shown in FIG. 4 is not intended to be limiting of the password protection device and may include more or fewer components than those shown.
The password protection device provided by the embodiment of the application comprises a memory and a processor, wherein when the processor executes a program stored in the memory, the following method can be realized: provided is a password protection method.
The password protection device provided by this embodiment can implement the password protection method as described above, and after the password authentication passes, the password deactivation enabling identifier is set, only the designated bit corresponding to the password passing the password authentication at this time is set to be in the permitted state, and other bits are in the non-permitted state, that is, if an operator performs a password deactivation operation at this time, only one password can be deactivated, thereby further ensuring the security of the device. Meanwhile, the invalid password is authenticated by the current password, when a lawbreaker attacks and decrypts a certain password, all passwords cannot be invalid so that the equipment cannot work normally, the current password can only be invalid, and the current password is not safe any more because the current password is already decrypted by the lawbreaker, so that the safety of the equipment is not influenced even if the current password is invalid.
Finally, the application also provides a corresponding embodiment of the computer readable storage medium. The computer-readable storage medium has stored thereon a computer program which, when being executed by a processor, carries out the steps as set forth in the above-mentioned method embodiments.
It is to be understood that if the method in the above embodiments is implemented in the form of software functional units and sold or used as a stand-alone product, it can be stored in a computer readable storage medium. Based on such understanding, the technical solutions of the present application may be embodied in the form of a software product, which is stored in a storage medium and executes all or part of the steps of the methods described in the embodiments of the present application, or all or part of the technical solutions. And the aforementioned storage medium 21 includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
After the password authentication is passed, the computer medium storing the password protection method sets the password invalidation enabling identifier, only the designated bit corresponding to the password passing the password authentication at this time is set to be in the allowed state, and other bits are in the non-allowed state, that is, if an operator needs to perform invalidation operation on the password at this time, only one password can be invalidated, thereby further ensuring the safety of the equipment. Meanwhile, the invalid password is authenticated by the current password, when a lawbreaker attacks and decrypts a certain password, all passwords cannot be invalid so that the equipment cannot work normally, the current password can only be invalid, and the current password is not safe any more because the current password is already decrypted by the lawbreaker, so that the safety of the equipment is not influenced even if the current password is invalid.
The above description details a password protection method, apparatus, and medium provided by the present application. The embodiments are described in a progressive manner in the specification, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description. It should be noted that, for those skilled in the art, it is possible to make several improvements and modifications to the present application without departing from the principle of the present application, and such improvements and modifications also fall within the scope of the claims of the present application.
It is further noted that, in the present specification, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
Claims (10)
1. A password protection method is applied to a password protection device containing a storage medium, and comprises the following steps:
after the password passes the authentication, determining the assigned position of a password invalidation enabling identifier according to the password passing the authentication at present, wherein the password invalidation enabling identifier is stored in the storage medium and is used for representing whether to allow the password to be invalidated;
setting the appointed bit of the password invalidation enabling identification to be in an allowable state, and setting other bits of the password invalidation enabling identification to be in a non-allowable state, wherein the password invalidation enabling identification corresponds to each password one by one according to bits, and only when the password invalidation enabling identification corresponding to the current password is in the allowable state, the password invalidation operation is allowed;
judging whether a failure password request is received or not;
and when the password invalidation request is received, carrying out invalidation operation on the password corresponding to the designated bit.
2. The password protection method according to claim 1, wherein the available password that can pass the password authentication is unique in one password authentication, and the available password is determined by a password status flag, and states of different bits of the password status flag respectively indicate whether different passwords are invalid or not.
3. The password protection method of claim 2, wherein the password state identifier is stored in a one-time programmable read-only memory.
4. The password protection method according to any one of claims 1 to 3, further comprising: and when the passwords are all invalid, entering a locking state and prohibiting external input from operating.
5. The password protection method of claim 4, further comprising: and when the lock state is entered, playing the prompt message.
6. The password protection method of claim 4, further comprising:
and after the password is reconfigured and the one-time programmable read only memory storing the corresponding password state identifier is replaced, the locking state is released.
7. A password protection device, comprising: a storage medium and a controller; the storage medium is connected with the controller and is used for storing a password invalidation enabling identifier, and the password invalidation enabling identifier represents whether to allow the password to be invalidated or not; the controller is used for determining the designated bit of the password failure enabling identifier according to the password passing the authentication at present after the password authentication passes; setting the appointed bit of the password invalidation enabling identification to be in an allowable state, and setting other bits of the password invalidation enabling identification to be in a non-allowable state, wherein the password invalidation enabling identification corresponds to each password one by one according to bits, and only when the password invalidation enabling identification corresponding to the current password is in the allowable state, the password invalidation operation is allowed; judging whether a failure password request is received or not; and when the password invalidation request is received, carrying out invalidation operation on the password corresponding to the designated bit.
8. A password protection device, comprising:
the password authentication device comprises a determining module, a judging module and a judging module, wherein the determining module is used for determining the appointed position of a password invalidation enabling identifier according to the password passing the authentication at present after the password authentication passes, and the password invalidation enabling identifier is stored in a storage medium and is used for representing whether to allow the password to be invalidated or not;
the setting module is used for setting the designated bit of the password invalidation enabling identification to be in an allowed state, and other bits are in a non-allowed state, wherein the password invalidation enabling identification corresponds to each password one by one according to bits, and the password invalidation operation is allowed to be carried out on the password only when the password invalidation enabling identification corresponding to the current password is in the allowed state;
the judging module is used for judging whether a failure password request is received or not;
and the failure module is used for performing failure operation according to the password corresponding to the designated bit when receiving the failure password request.
9. A password protection device, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the password protection method as claimed in any one of claims 1 to 6 when executing said computer program.
10. A computer-readable storage medium, characterized in that a computer program is stored on the computer-readable storage medium, which computer program, when being executed by a processor, carries out the steps of the password protection method as claimed in any one of claims 1 to 6.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111244197.XA CN113688380B (en) | 2021-10-26 | 2021-10-26 | Password protection method, device and medium |
| PCT/CN2022/089351 WO2023071100A1 (en) | 2021-10-26 | 2022-04-26 | Password protection method and apparatus, and medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111244197.XA CN113688380B (en) | 2021-10-26 | 2021-10-26 | Password protection method, device and medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113688380A CN113688380A (en) | 2021-11-23 |
| CN113688380B true CN113688380B (en) | 2022-02-18 |
Family
ID=78587891
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111244197.XA Active CN113688380B (en) | 2021-10-26 | 2021-10-26 | Password protection method, device and medium |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN113688380B (en) |
| WO (1) | WO2023071100A1 (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113688380B (en) * | 2021-10-26 | 2022-02-18 | 苏州浪潮智能科技有限公司 | Password protection method, device and medium |
Family Cites Families (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105468962A (en) * | 2014-09-03 | 2016-04-06 | 阿里巴巴集团控股有限公司 | User interface unlocking method and apparatus |
| EP3107073B1 (en) * | 2015-06-15 | 2019-09-18 | Assa Abloy AB | Invalidation of an electronic key |
| CN107547610B (en) * | 2016-06-29 | 2020-02-28 | 腾讯科技(深圳)有限公司 | Character information processing method, server and terminal |
| CN106780895A (en) * | 2016-12-23 | 2017-05-31 | 余仁植 | Method for unlocking coded lock, locking method, coded lock, systems approach and system |
| CN106789079A (en) * | 2016-12-30 | 2017-05-31 | 余仁植 | Identity identifying method, disposal password electronic installation and system |
| CN107730676A (en) * | 2017-09-29 | 2018-02-23 | 东峡大通(北京)管理咨询有限公司 | Unlocking method, device and the storage medium of the vehicles |
| CN112613020B (en) * | 2020-12-31 | 2024-05-28 | 中国农业银行股份有限公司 | Identity verification method and device |
| CN113158172B (en) * | 2021-02-26 | 2022-03-22 | 山东英信计算机技术有限公司 | Chip-based password acquisition method, device, equipment and storage medium |
| CN113688380B (en) * | 2021-10-26 | 2022-02-18 | 苏州浪潮智能科技有限公司 | Password protection method, device and medium |
-
2021
- 2021-10-26 CN CN202111244197.XA patent/CN113688380B/en active Active
-
2022
- 2022-04-26 WO PCT/CN2022/089351 patent/WO2023071100A1/en unknown
Also Published As
| Publication number | Publication date |
|---|---|
| CN113688380A (en) | 2021-11-23 |
| WO2023071100A1 (en) | 2023-05-04 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP3454318B1 (en) | Security system with entropy bits generated by a puf | |
| CN111095213B (en) | Secure boot method, device, equipment and storage medium for embedded program | |
| CN108269605B (en) | Security device state apparatus and method | |
| CN104424441B (en) | Processing system | |
| US7900252B2 (en) | Method and apparatus for managing shared passwords on a multi-user computer | |
| KR102239711B1 (en) | Generation of working security key based on security parameters | |
| US20030140238A1 (en) | Implementation of a secure computing environment by using a secure bootloader, shadow memory, and protected memory | |
| US20030196100A1 (en) | Protection against memory attacks following reset | |
| KR20090095843A (en) | Processor apparatus having secure performance | |
| CN113722720B (en) | System starting method and related device | |
| CN111008390A (en) | Root key generation protection method and device, solid state disk and storage medium | |
| CN111147259B (en) | Authentication method and device | |
| CN113688380B (en) | Password protection method, device and medium | |
| EP2429226B1 (en) | Mobile terminal and method for protecting its system data | |
| CN114785503B (en) | Cipher card, root key protection method thereof and computer readable storage medium | |
| JP2009104380A (en) | Device and method for preventing unauthorized use of robot | |
| CN115934194A (en) | Controller starting method and device, electronic equipment and storage medium | |
| CN112613011B (en) | USB flash disk system authentication method and device, electronic equipment and storage medium | |
| CN108292340A (en) | Data are written to secure data storage equipment security during runtime | |
| JP2008160325A (en) | User authentication method using removable device, and computer | |
| CN110932853A (en) | Key management device and key management method based on trusted module | |
| CN112966276B (en) | Method, device and medium for safely starting computer | |
| CN107423627A (en) | The time slot scrambling and electronic equipment of a kind of electronic equipment | |
| WO2019057612A1 (en) | Distributed deployment of unique firmware | |
| JP2020194464A (en) | Integrated circuit and control method for integrated circuit |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |